[Kimchi-devel] [PATCH V3] spec: Open 8000 and 8001 port by default
taget at linux.vnet.ibm.com
taget at linux.vnet.ibm.com
Tue Dec 24 08:10:55 UTC 2013
From: Eli Qiao <taget at linux.vnet.ibm.com>
V3 - V2 changes:
1.Rename kimchid.xml to firewalld.xml (Mark)
2.Remove firewalld from serivce require (Mark)
3.Fix typo
V2 - V1 changes:
1.Add firewalld sevice configure file kimchid.xml to help open iptables port (Mark)
2.Add Ubuntu iptables rule (Royce)
Add iptable rules to open 8000 and 8001 port.
1. For fedora, ubuntu and RHEL7, add a firewalld.xml to use firewalld daemon to open port
8000 and 8001.
2. For suse and RHEL6.x, add iptables static rules to open port 8000 and 8001.
Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
---
contrib/DEBIAN/control.in | 3 ++-
contrib/DEBIAN/postinst | 2 ++
contrib/DEBIAN/postrm | 2 ++
contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++
contrib/kimchi.spec.suse.in | 10 ++++++++--
src/Makefile.am | 1 +
src/firewalld.xml | 7 +++++++
7 files changed, 41 insertions(+), 3 deletions(-)
create mode 100644 src/firewalld.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
index 380584c..c0ea1f1 100644
--- a/contrib/DEBIAN/control.in
+++ b/contrib/DEBIAN/control.in
@@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
python-psutil (>= 0.6.0),
python-ethtool,
sosreport,
- python-ipaddr
+ python-ipaddr,
+ firewalld
Build-Depends:
Maintainer: Aline Manera <alinefm at br.ibm.com>
Description: Kimchi web server
diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
index c1fc22e..b27205c 100755
--- a/contrib/DEBIAN/postinst
+++ b/contrib/DEBIAN/postinst
@@ -19,3 +19,5 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start
+/usr/bin/firewall-cmd --reload
+/usr/bin/firewall-cmd --add-service kimchid
diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
index ef90b49..3c70584 100755
--- a/contrib/DEBIAN/postrm
+++ b/contrib/DEBIAN/postrm
@@ -26,3 +26,5 @@ case "$1" in
rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
;;
esac
+
+/usr/bin/firewall-cmd --remove-service kimchid
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 14ec359..57baead 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd}
Requires: systemd
+Requires: firewalld
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
%if 0%{?with_systemd}
# Install the systemd scripts
install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service
+install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
%endif
%if 0%{?rhel} == 6
@@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6
start kimchid
+# Add defult iptable rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
%else
service kimchid start
+# Add firewalld rules to open 8000 and 8001 port
+/usr/bin/firewall-cmd --reload
+/usr/bin/firewall-cmd --add-service kimchid
%endif
%preun
+%if 0%{?rhel} == 6
+iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
+%else
+/usr/bin/firewall-cmd --remove-service kimchid
+%endif
+
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || :
/bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
fi
+
exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd}
%{_unitdir}/kimchid.service
+%{_prefix}/lib/firewalld/services/kimchid.xml
%endif
%if 0%{?rhel} == 6
/etc/init/kimchid.conf
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 9051284..dde9dae 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
%post
service kimchid start
chkconfig kimchid on
-
+# Add iptables rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
%preun
service kimchid stop
-
+# Remove iptables rules to open 8000 and 8001 port
+iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
%clean
rm -rf $RPM_BUILD_ROOT
diff --git a/src/Makefile.am b/src/Makefile.am
index 7d29e28..7514870 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \
kimchi.conf.in \
+ firewalld.xml \
$(NULL)
bin_SCRIPTS = kimchid
diff --git a/src/firewalld.xml b/src/firewalld.xml
new file mode 100644
index 0000000..dee4599
--- /dev/null
+++ b/src/firewalld.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>kimchid</short>
+ <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description>
+ <port protocol="tcp" port="8000"/>
+ <port protocol="tcp" port="8001"/>
+</service>
--
1.7.1
More information about the Kimchi-devel
mailing list